WE CLAIM: 



1 . A tunnel endpoint device comprising: 

a network interface connected to a local area network having a cluster of tunnel endpoint 
5 devices, the tunnel endpoint device being one of the cluster, the network interface configured to 
receive a Start-Control-Connection-Request (SCCRQ) message via the local area network to 
initiate establishment of a tunnel connection, wherein the SCCRQ includes a destination address 
field modified to be set to a local address of the tunnel endpoint device and a tunnel ID value 
assigned by a tunnel initiator to the tunnel connection being set-up; 
10 means for forming a Start-Control-Connection-Reply (SCCRP) message having an 

address of the tunnel initiator, the tunnel ID value assigned to the tunnel connection by the tunnel 
initiator, and a tunnel ID value assigned to the tunnel connection by the tunnel endpoint device; 
and 

means for transmitting the SCCRP message to a network address translation server via 
1 5 the network interface. 

2. The tunnel endpoint device of claim 1 , further comprising means for receiving a 
Start-Control-Connection-Connected (SCCN) message to establish a tunnel connection between 
the tunnel initiator and the tunnel endpoint device. 

20 

3. The tunnel endpoint device of claim 1, further comprising means for forming load 
status messages that indicate a current traffic load of the tunnel endpoint device. 
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4. A cluster master device comprising: 

a first interface coupled to a first network having a plurality of network devices; and 
a second interface for communicating with a second network, 
5 wherein the cluster master device has a master global address that is unique on the second 

network, and 

wherein the cluster master device is configured to receive from the second network 
tunnel connection request messages having the master global address in a destination address 
field and, for each tunnel connection request message received: 
10 (i) select one of the plurality of network devices; 

(ii) insert a local address for the selected network device into the destination 
address field of the received tunnel connection request message; and 

(iii) transmit the received tunnel connection request message as modified over 
the first network interface onto the first network. 

15 

5. The cluster master device of claim 4, wherein the cluster master device selects 
one of the plurality of network devices based on a traffic load of each network device. 

6. The cluster master device of claim 4, wherein the cluster master device receives 
20 load status messages from each network device and assigns the received tunnel connection 

request message to the network device that currently has the lowest traffic load as indicated by 
the load status messages. 
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7. The cluster master device of claim 4, wherein the tunnel connections are Layer 2 
Tunneling Protocol (L2TP) connections. 

5 8. The cluster master device of claim 4, wherein the first network is a local area 

network (LAN) and the second network is an Internet protocol (IP) network. 

9. The cluster master device of claim 4, wherein the tunnel connection request 
messages include a source address field set to an IP address of a tunnel initiator, and a source 

10 tunnel ID field set to a tunnel ID value assigned to the tunnel connection by the tunnel initiator. 

10. The cluster master device of claim 4, wherein the cluster master device keeps 
track of network devices that are out of service or temporarily inactive. 

15 11. A method for terminating tunnel connections comprising: 

receiving a tunnel connection request message; 

receiving a load status message from each tunnel endpoint device of a plurality of tunnel 
endpoint devices on a network; 

based on the load status messages, selecting a tunnel endpoint device to receive the 
20 tunnel connection request message; and 

assigning the tunnel connection request message to the selected tunnel endpoint device. 
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12. The method of claim 1 1 , wherein selecting the tunnel endpoint device to receive 
the tunnel connection request message comprises: 

based on the load status messages, determining which tunnel endpoint device has the 
lowest load; and 

5 selecting the tunnel endpoint device that has the lowest load. 



13. The method of claim 11, wherein assigning the tunnel connection request message 
to the selected tunnel endpoint device comprises: 

inserting a local address for the selected tunnel endpoint device into a destination address 
10 field of the tunnel connection request message; and 

transmitting the tunnel connection request message as modified onto the network. 



14. A method for terminating tunnel connections comprising: 
receiving tunnel connection request messages having a master global address in a 
15 destination address field and, for each tunnel connection request message received: 

selecting one of a plurality of network devices connected to a network; 
inserting a local address for the selected network device into the destination 
address field of the received tunnel connection request message; and 

transmitting the received tunnel connection request message as modified onto the 
20 network. 
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15. The method of claim 14, further comprising transmitting a tunnel set-up reply 
message over the network, wherein the tunnel set-up reply message includes a source address 
field having the address of the selected network device. 

16. The method of claim 15, wherein transmitting the tunnel set-up reply message 
over the network comprises: 

transmitting the tunnel set-up reply to a network address translation (NAT) server; 
replacing the address of the selected network device in the source address field of the 
tunnel set-up reply message with a global address for the NAT server; 

storing a table entry accessible to the NAT server that relates the global address to the 
address of the selected network device; and 

transmitting the tunnel set-up reply message onto the network. 

17. The method of claim 14, wherein selecting one of the plurality of network devices 
15 connected to the network comprises selecting one of the plurality of network devices based upon 

a traffic load on each of the network devices. 

18. The method of claim 14, further comprising receiving load status messages from 
each of the plurality of network devices. 

20 
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19. The method of claim 18, wherein selecting one of the plurality of network devices 
connected to the network comprises selecting one of the plurality of network devices based upon 
which network device currently has the lowest load as indicated by the load status messages. 

5 20. The method of claim 14, wherein the tunnel connections are Layer 2 Tunneling 

Protocol (L2TP) connections. 
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